From c96bb9a352bb52ae45f965c698711d6efc3bb8c0 Mon Sep 17 00:00:00 2001 From: Duncaen Date: Thu, 6 Apr 2023 00:04:37 +0200 Subject: [PATCH] chromium: update to 112.0.5615.49. --- .../files/musl-patches/musl-sandbox.patch | 135 ++++++++++++------ .../chromium/patches/fc-cache-version.patch | 13 ++ .../patches/fix-build-with-old-clang.patch | 20 --- .../chromium/patches/fix-resolver-musl.patch | 66 --------- srcpkgs/chromium/template | 7 +- 5 files changed, 106 insertions(+), 135 deletions(-) create mode 100644 srcpkgs/chromium/patches/fc-cache-version.patch delete mode 100644 srcpkgs/chromium/patches/fix-build-with-old-clang.patch delete mode 100644 srcpkgs/chromium/patches/fix-resolver-musl.patch diff --git a/srcpkgs/chromium/files/musl-patches/musl-sandbox.patch b/srcpkgs/chromium/files/musl-patches/musl-sandbox.patch index c770e76d8688..52c3b2105034 100644 --- a/srcpkgs/chromium/files/musl-patches/musl-sandbox.patch +++ b/srcpkgs/chromium/files/musl-patches/musl-sandbox.patch @@ -1,20 +1,21 @@ ---- ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc.orig 2019-07-03 11:53:21.213479736 -0400 -+++ ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc 2019-07-03 11:57:01.304998253 -0400 -@@ -140,31 +140,14 @@ +musl uses different syscalls from glibc for some functions, so the sandbox has +to account for that +-- +diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +index ff5a1c0..da56b9b 100644 +--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc ++++ ./sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc +@@ -139,21 +139,11 @@ namespace sandbox { + // present (as in newer versions of posix_spawn). ResultExpr RestrictCloneToThreadsAndEPERMFork() { const Arg flags(0); - +- - // TODO(mdempsky): Extend DSL to support (flags & ~mask1) == mask2. - const uint64_t kAndroidCloneMask = CLONE_VM | CLONE_FS | CLONE_FILES | - CLONE_SIGHAND | CLONE_THREAD | - CLONE_SYSVSEM; - const uint64_t kObsoleteAndroidCloneMask = kAndroidCloneMask | CLONE_DETACHED; -+ const int required = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | -+ CLONE_THREAD | CLONE_SYSVSEM; -+ const int safe = CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID | -+ CLONE_DETACHED; -+ const BoolExpr thread_clone_ok = (flags&~safe)==required; - +- - const uint64_t kGlibcPthreadFlags = - CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD | - CLONE_SYSVSEM | CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID; @@ -23,45 +24,28 @@ - const BoolExpr android_test = - AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask, - flags == kGlibcPthreadFlags); -- -- // The following two flags are the two important flags in any vfork-emulating -- // clone call. EPERM any clone call that contains both of them. -- const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM; -- -- const BoolExpr is_fork_or_clone_vfork = -- AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0, -- (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags); -- ++ const int required = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | ++ CLONE_THREAD | CLONE_SYSVSEM; ++ const int safe = CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID | ++ CLONE_DETACHED; ++ const BoolExpr thread_clone_ok = (flags&~safe)==required; + + // The following two flags are the two important flags in any vfork-emulating + // clone call. EPERM any clone call that contains both of them. +@@ -163,7 +153,7 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() { + AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0, + (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags); + - return If(IsAndroid() ? android_test : glibc_test, Allow()) -- .ElseIf(is_fork_or_clone_vfork, Error(EPERM)) + return If(thread_clone_ok, Allow()) -+ .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM)) + .ElseIf(is_fork_or_clone_vfork, Error(EPERM)) .Else(CrashSIGSYSClone()); } - ---- ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc.orig +diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +index d9d1882..0567557 100644 +--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +++ ./sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -@@ -494,6 +494,7 @@ - case __NR_mlock: - case __NR_munlock: - case __NR_munmap: -+ case __NR_mremap: - return true; - case __NR_madvise: - case __NR_mincore: -@@ -509,7 +510,6 @@ - case __NR_modify_ldt: - #endif - case __NR_mprotect: -- case __NR_mremap: - case __NR_msync: - case __NR_munlockall: - case __NR_readahead: -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -index 80f02c0..21fbe21 100644 ---- sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -+++ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc -@@ -373,6 +373,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { +@@ -392,6 +392,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { #if defined(__i386__) case __NR_waitpid: #endif @@ -69,7 +53,7 @@ index 80f02c0..21fbe21 100644 return true; case __NR_clone: // Should be parameter-restricted. case __NR_setns: // Privileged. -@@ -385,7 +386,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { +@@ -404,7 +405,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) { #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) case __NR_set_thread_area: #endif @@ -77,3 +61,64 @@ index 80f02c0..21fbe21 100644 case __NR_unshare: #if !defined(__mips__) && !defined(__aarch64__) case __NR_vfork: +@@ -514,6 +514,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { + case __NR_mlock: + case __NR_munlock: + case __NR_munmap: ++ case __NR_mremap: ++ case __NR_membarrier: + return true; + case __NR_madvise: + case __NR_mincore: +@@ -531,7 +533,6 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) { + case __NR_modify_ldt: + #endif + case __NR_mprotect: +- case __NR_mremap: + case __NR_msync: + case __NR_munlockall: + case __NR_readahead: +diff --git a/sandbox/linux/system_headers/linux_syscalls.h ./sandbox/linux/system_headers/linux_syscalls.h +index 2b78a0c..b6fedb5 100644 +--- a/sandbox/linux/system_headers/linux_syscalls.h ++++ b/sandbox/linux/system_headers/linux_syscalls.h +@@ -10,6 +10,7 @@ + #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_ + + #include "build/build_config.h" ++#include + + #if defined(__x86_64__) + #include "sandbox/linux/system_headers/x86_64_linux_syscalls.h" +--- a/sandbox/policy/linux/bpf_renderer_policy_linux.cc ++++ b/sandbox/policy/linux/bpf_renderer_policy_linux.cc +@@ -94,6 +94,9 @@ + case __NR_pwrite64: + case __NR_sched_get_priority_max: + case __NR_sched_get_priority_min: ++ case __NR_sched_getparam: ++ case __NR_sched_getscheduler: ++ case __NR_sched_setscheduler: + case __NR_sysinfo: + case __NR_times: + case __NR_uname: +--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +@@ -225,10 +225,15 @@ + if (sysno == __NR_getpriority || sysno ==__NR_setpriority) + return RestrictGetSetpriority(current_pid); + ++ // XXX: hacks for musl sandbox, calls needed? ++ if (sysno == __NR_sched_getparam || sysno == __NR_sched_getscheduler || ++ sysno == __NR_sched_setscheduler) { ++ return Allow(); ++ } ++ + // The scheduling syscalls are used in threading libraries and also heavily in + // abseil. See for example https://crbug.com/1370394. +- if (sysno == __NR_sched_getaffinity || sysno == __NR_sched_getparam || +- sysno == __NR_sched_getscheduler || sysno == __NR_sched_setscheduler) { ++ if (sysno == __NR_sched_getaffinity) { + return RestrictSchedTarget(current_pid, sysno); + } + diff --git a/srcpkgs/chromium/patches/fc-cache-version.patch b/srcpkgs/chromium/patches/fc-cache-version.patch new file mode 100644 index 000000000000..3b768978a43d --- /dev/null +++ b/srcpkgs/chromium/patches/fc-cache-version.patch @@ -0,0 +1,13 @@ +instead of hardcoding the version, use the defined macro. +-- +--- a/third_party/test_fonts/fontconfig/generate_fontconfig_caches.cc ++++ b/third_party/test_fonts/fontconfig/generate_fontconfig_caches.cc +@@ -56,7 +56,7 @@ + FcFini(); + + // Check existence of intended fontconfig cache file. +- auto cache = fontconfig_caches + "/" + kCacheKey + "-le64.cache-9"; ++ auto cache = fontconfig_caches + "/" + kCacheKey + "-le64.cache-" + FC_CACHE_VERSION; + bool cache_exists = access(cache.c_str(), F_OK) == 0; + return !cache_exists; + } diff --git a/srcpkgs/chromium/patches/fix-build-with-old-clang.patch b/srcpkgs/chromium/patches/fix-build-with-old-clang.patch deleted file mode 100644 index f23218e71e4d..000000000000 --- a/srcpkgs/chromium/patches/fix-build-with-old-clang.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/build/config/compiler/BUILD.gn -+++ b/build/config/compiler/BUILD.gn -@@ -805,17 +805,6 @@ - cflags += [ "-fcomplete-member-pointers" ] - } - -- # Use DWARF simple template names, with the following exceptions: -- # -- # * Windows is not supported as it doesn't use DWARF. -- # * Apple platforms (e.g. MacOS, iPhone, iPad) aren't supported because xcode -- # lldb doesn't have the needed changes yet. -- # * Fuchsia isn't supported as zxdb doesn't support simple template names yet. -- # TODO(crbug.com/1379070): Remove if the upstream default ever changes. -- if (is_clang && !is_nacl && !is_win && !is_apple && !is_fuchsia) { -- cflags_cc += [ "-gsimple-template-names" ] -- } -- - # MLGO specific flags. These flags enable an ML-based inliner trained on - # Chrome on Android (arm32) with ThinLTO enabled, optimizing for size. - # The "release" ML model is embedded into clang as part of its build. diff --git a/srcpkgs/chromium/patches/fix-resolver-musl.patch b/srcpkgs/chromium/patches/fix-resolver-musl.patch deleted file mode 100644 index 567d74174ede..000000000000 --- a/srcpkgs/chromium/patches/fix-resolver-musl.patch +++ /dev/null @@ -1,66 +0,0 @@ ---- a/net/dns/public/scoped_res_state.cc.orig -+++ b/net/dns/public/scoped_res_state.cc -@@ -13,7 +13,7 @@ - namespace net { - - ScopedResState::ScopedResState() { --#if BUILDFLAG(IS_OPENBSD) || BUILDFLAG(IS_FUCHSIA) -+#if BUILDFLAG(IS_OPENBSD) || BUILDFLAG(IS_FUCHSIA) || (BUILDFLAG(IS_LINUX) && !defined(__GLIBC__)) - // Note: res_ninit in glibc always returns 0 and sets RES_INIT. - // res_init behaves the same way. - memset(&_res, 0, sizeof(_res)); ---- a/net/dns/public/scoped_res_state.cc -+++ b/net/dns/public/scoped_res_state.cc -@@ -25,7 +25,7 @@ - } - - ScopedResState::~ScopedResState() { --#if !BUILDFLAG(IS_OPENBSD) && !BUILDFLAG(IS_FUCHSIA) -+#if !BUILDFLAG(IS_OPENBSD) && !BUILDFLAG(IS_FUCHSIA) && !(BUILDFLAG(IS_LINUX) && !defined(__GLIBC__)) - - // Prefer res_ndestroy where available. - #if BUILDFLAG(IS_APPLE) || BUILDFLAG(IS_FREEBSD) -@@ -34,7 +34,7 @@ - res_nclose(&res_); - #endif // BUILDFLAG(IS_APPLE) || BUILDFLAG(IS_FREEBSD) - --#endif // !BUILDFLAG(IS_OPENBSD) && !BUILDFLAG(IS_FUCHSIA) -+#endif // !BUILDFLAG(IS_OPENBSD) && !BUILDFLAG(IS_FUCHSIA) && !(BUILDFLAG(IS_LINUX) && !defined(__GLIBC__)) - } - - bool ScopedResState::IsValid() const { ---- a/net/dns/host_resolver_system_task.cc.orig -+++ b/net/dns/host_resolver_system_task.cc -@@ -311,7 +311,7 @@ - - void EnsureSystemHostResolverCallReady() { - #if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_APPLE) && !BUILDFLAG(IS_OPENBSD) && \ -- !BUILDFLAG(IS_ANDROID) -+ !BUILDFLAG(IS_ANDROID) && !(BUILDFLAG(IS_LINUX) && !defined(__GLIBC__)) - EnsureDnsReloaderInit(); - #elif BUILDFLAG(IS_WIN) - EnsureWinsockInit(); ---- a/net/dns/dns_reloader.cc.orig -+++ b/net/dns/dns_reloader.cc -@@ -7,7 +7,8 @@ - #include "build/build_config.h" - - #if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_APPLE) && !BUILDFLAG(IS_OPENBSD) && \ -- !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_FUCHSIA) -+ !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_FUCHSIA) && \ -+ !(BUILDFLAG(IS_LINUX) && !defined(__GLIBC__)) - - #include - ---- a/net/dns/host_resolver_system_task.cc -+++ b/net/dns/host_resolver_system_task.cc -@@ -397,7 +397,8 @@ - base::BlockingType::WILL_BLOCK); - - #if BUILDFLAG(IS_POSIX) && \ -- !(BUILDFLAG(IS_APPLE) || BUILDFLAG(IS_OPENBSD) || BUILDFLAG(IS_ANDROID)) -+ !(BUILDFLAG(IS_APPLE) || BUILDFLAG(IS_OPENBSD) || BUILDFLAG(IS_ANDROID) || \ -+ (BUILDFLAG(IS_LINUX) && !defined(__GLIBC__))) - DnsReloaderMaybeReload(); - #endif - auto [ai, err, os_error] = AddressInfo::Get(host, hints, nullptr, network); diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template index 3c1c1caf3765..fd69b22560af 100644 --- a/srcpkgs/chromium/template +++ b/srcpkgs/chromium/template @@ -1,11 +1,11 @@ # Template file for 'chromium' pkgname=chromium # See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version -version=111.0.5563.64 +version=112.0.5615.49 revision=1 archs="i686* x86_64* aarch64* armv7l*" hostmakedepends=" - $(vopt_if clang "clang lld llvm12") + $(vopt_if clang "clang lld llvm15") $(vopt_if js_optimize openjdk) bison git gperf hwids ninja nodejs perl pkg-config python3 libatomic-devel libepoxy-devel libevent-devel libglib-devel" @@ -28,7 +28,7 @@ maintainer="Duncaen " license="BSD-3-Clause" homepage="https://www.chromium.org/" distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz" -checksum=7d5ca0e2bdb22a97713e6bfce74c651006d71aa883056c8e2c2a148039fe4074 +checksum=ddfd37373c1fa0f433a6ac11f0baa2b1f3fdfb9c7b5867e32a4300f2eb5aff41 lib32disabled=yes @@ -195,7 +195,6 @@ do_configure() { "use_lld=$(vopt_if clang true false)" 'clang_use_chrome_plugins=false' 'clang_base_path="/usr"' - 'use_cxx17=true' "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\"" 'use_custom_libcxx=false'